Information Security & Risk Manager - Fintech

Company: Fisher Investments
Location: Portland
Posted on: November 13, 2024

Job Description:

It's an exciting time to join Fisher Investments; we're investing in the future of our firm's technology and information security. Our business is growing internationally, which emphasizes the need to build an unparalleled team that promotes future global growth through strategic solutions and progress. We are important to supporting our firm's diverse businesses, and we are excited to continue solidifying that foundation as we add more experienced technologists to our Technology team.
The Information Security Risk Management position, reporting to the Associate VP of Information Security, will work with Information Security, Technology, Project, and Enterprise Risk Management teams to perform technology risk analysis and recommend controls. You will also develop, recommend, and implement technology risk practices following Fisher Investments Digital Asset risk management goals.
Represent Information Security in Enterprise Risk Management technology reviews for Digital Assets, including evaluation of inherent risk, researching vendor practices and controls, recommending new practices and controls, and estimating residual risk
* Continuously mature Enterprise Risk Management evaluation procedures for Digital Assets
* Continuously collaborate with Information Security, Technology, and Data Privacy Subject Matter Experts to determine efficacy of technical and practical Digital Asset controls
* Research new possible technical and practical Digital Asset risk controls
* Perform security-focused risk and gap assessments to identify, document and track security risks associated with Cloud and physical IT infrastructure and services, Applications, Information systems, and Vendors/other third parties
* Identify risk levels and associated controls to manage risk levels applying both quantitative and qualitative techniques
* Translate risk management measures from technical to business language
* Provide security risk services to business owners and partners
* Understand and maintain a broad knowledge of methodologies and technologies in the area of risk assessments and controls measures
3+ years of experience in Enterprise Risk Management for Digital Assets, including development of risk evaluation processes, control evaluations and recommendations, and vendor research
* 3+ years of experience in Digital Asset audit review experience (including SOC 2 Type II, SOX compliance, PCI compliance, vulnerability reports, retention policies)
* Knowledge of Information Security and risk standards and frameworks such as NIST 800-53, CIS benchmarks, OWASP, ISO-27001, and COSO
* Experience assessing risk or implementing controls in a cloud-based enterprise environment
* Extensive knowledge of information systems, risk assessment methodologies and security control technologies
* Ability to balance risks in ambiguous and complex scenarios
* Experience in GRC platforms
Eligible for a discretionary bonus based on firm and individual performance
Why Fisher Investments:
We work for a bigger purpose: bettering the investment universe. It's the people that make the Fisher purpose possible, and we invest in them by offering exceptional benefits like:
* 100% paid medical, dental and vision premiums for you and your qualifying dependents
* 20 days of PTO, plus 10 paid holidays
* Family Support programs including 8 week Paid Primary Caregiver Leave, fertility, family forming, and hormonal health assistance and back-up child, adult, and elder care
* $Opportunity to participate in our hybrid work from home program. Based on tenure and performance eligibility, you will have the opportunity to work from home up to 75 days per year
FISHER INVESTMENTS IS AN EQUAL OPPORTUNITY EMPLOYER

Keywords: Fisher Investments, Hillsboro , Information Security & Risk Manager - Fintech, Executive , Portland, Oregon